
Limiting the Number of Login Attempts for SSH and Telnet Sessions

Beginning with JUNOS release 8.0, you can limit the number of times a user can attempt to enter a password while logging in through SSH or Telnet. The connection is terminated if a user fails to log in after the number of attempts specified. You can also specify a delay, in seconds, before a user can try to enter a password after a failed attempt. In addition, you can specify the threshold for the number of failed attempts before the user experiences a delay in being able to enter a password again.

To specify the number of times a user can attempt to enter a password while logging in, include the retry-options statement at the [edit system login] hierarchy level:

[edit system login]
retry-options {
    tries-before-disconnect number;
    backoff-threshold number;
    backoff-factor seconds;
    minimum-time seconds;
}
password {
}

You can configure the following options.

Example: Limiting the Number of Login Attempts for SSH and Telnet Sessions

Limit the user to four attempts when entering a password while logging in through SSH or Telnet. Set the backoff-threshold to 2, the backoff-factor to 5 seconds, and the minimum-time to 40 seconds. The user experiences a delay of 5 seconds after the second attempt to enter a correct password fails. After each subsequent failed attempt, the delay increases by 5 seconds. After the fourth and final failed attempt to enter a correct password, the user experiences an additional 10-second delay, and the connection closes after a total of 40 seconds.

[edit]
system {
    login {
        retry-options {
            tries-before-disconnect 4;
            backoff-threshold 2;
            backoff-factor 5;
            minimum-time 40;
        }
        password {
        }
    }
}
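
The following Python sketch is an added example, not part of the JUNOS documentation or any Juniper tool. It extracts the retry-options stanza from a saved configuration, reports missing settings, and tabulates the delay after each non-final failed attempt as the example above describes it. The function names are hypothetical, and the handling of the final attempt and of minimum-time is not modelled.

```python
import re

# Constructed sample: the retry-options stanza from the example on this page.
SAMPLE = """
system {
    login {
        retry-options {
            tries-before-disconnect 4;
            backoff-threshold 2;
            backoff-factor 5;
            minimum-time 40;
        }
    }
}
"""

OPTIONS = ("tries-before-disconnect", "backoff-threshold",
           "backoff-factor", "minimum-time")

def parse_retry_options(config_text):
    """Return {option: int} from the retry-options stanza, or None if absent."""
    stanza = re.search(r"retry-options\s*\{([^{}]*)\}", config_text)
    if stanza is None:
        return None
    pairs = re.findall(r"([a-z-]+)\s+(\d+)\s*;", stanza.group(1))
    return {name: int(value) for name, value in pairs if name in OPTIONS}

def backoff_schedule(opts):
    """Seconds of delay after each failed attempt before the final one.
    Assumption taken from the page's wording: the delay starts at
    backoff-factor on the backoff-threshold-th failure and grows by
    backoff-factor for each later failure."""
    tries, threshold = opts["tries-before-disconnect"], opts["backoff-threshold"]
    factor = opts["backoff-factor"]
    return {n: factor * (n - threshold + 1) if n >= threshold else 0
            for n in range(1, tries)}

def audit(config_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_retry_options(config_text)
    if opts is None:
        return ["retry-options not configured under [edit system login]"]
    findings = [f"{name} not set explicitly" for name in OPTIONS if name not in opts]
    # Inferred from the page: the session ends before the threshold is reached.
    if not findings and opts["backoff-threshold"] > opts["tries-before-disconnect"]:
        findings.append("backoff-threshold exceeds tries-before-disconnect")
    return findings
```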
